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EXTREMELY SECURE METHOD FOR KEYING STORED CONTENTS 
TO A SPECIFIC STORAGE DEVICE 



Field of Invention 

Invention relates to securing data in a storage medium device, more particularly to 
methods of securing specific files in a storage medium device to prevent use of 
unauthorized copies of the specific files. 



Background of Invention 
The relatively open and known architecture of a typical hard disk drive (HDD) 
renders it fairly easy for determined and minimally-funded attackers to duplicate content 
stored on the HDD. Low-level block copy software is easily available and produces an 

1 5 unauthorized drive image copy of the stored HDD content that is indistinguishable from 
the authorized source HDD for many host applications. Preventing a determined attacker 
from copying a drive's image to another drive and then using that copy on another host is 
difficult. Standard content encryption methods typically disallow viewing of the copied 
encrypted content, but it does not securely prevent the use of that content on another host 

20 having a valid decryption or usage key. 



Typically, hardware authorization keys have been used to identify an authorized 
host. These keys have an added hardware cost and have historically been broken and 
duplicated in as little as a few days. This approach does not normally differentiate 
25 between source and copied contents. Other approaches to protect against unauthorized 
copying and / or use of disk contents typically require adding hardware to the host and / 
or disk drive to provide a secured or keyed communication channel and encrypted or 
keyed contents on the HDD. This approach generally adds hardware cost to the host and / 
or HDD. Also, this solution is not always transportable across HDD vendors because they 
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can require custom hardware. Moreover, copying encrypted contents to another HDD 
does not explicitly prevent its use. Another typical prior approach is requiring the 
original authorized CD-ROM to be physically present in a CD drive during use of the 
software or data. However, copying the original CD-ROM is easy. Thus, there is a need 
5 for a method to secure specific files to prevent the use of an unauthorized copied file 
stored on a storage medium. 

Summary of Invention 
An extremely secure method for keying source contents to a source storage 
10 medium is provided to prevent use of unauthorized copies, where there is no significant 
added cost to the disk drive. The host processor can use a well characterized encryption 
algorithm such as DES and a hard disk drive's (HDD's) statistically unique, immutable 
and verifiable physical attribute, such as the defect list, servo or channel characteristics to 
write a unique signature, or fingerprint, on a source medium. Accordingly, the extremely 
15 secure method of this invention allows use of source content with other similar hosts, but 
correspondingly disabling all copies of the sanctioned drive in any host. 

The host processor reads the source medium original defect list or other such 
relatively immutable physical attribute. It then merges a representation of the attribute 

20 and the content to be secured. The host processor then encrypts the resulting content with 
a well-characterized algorithm such as DES. When a host wants to use the sanctioned 
source contents, it reads the source content from the storage medium and decrypts it with 
a decryption key. The host then parses the defect list out of the source content and 
explicitly reads the local storage medium defect list. If the resulting decrypted defect list 

25 matches the local storage medium defect list, then the host recognizes the local medium 
contents as sanctioned and the host continues use and processing of the source contents. 
If there is no match, then the local medium content is determined to be an unauthorized 
copy of the source storage medium. The host then rejects the use of the contents. 
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Brief Description of Drawings 
Fig. 1 is a generalized block diagram of an extremely secure system for keying 
5 stored contents to a storage medium in accordance with the principles of the present 
invention; 

Fig. 2A shows a generalized flowchart of an extremely secure method for keying 
stored contents to the storage medium in accordance with the present invention; 

Fig. 2B shows a generalized flowchart of an extremely secure method for reading 
10 and verifying fingerprinted contents in a local storage medium in accordance with the 
present invention; 

Fig. 3 shows a more expanded flowchart of the steps of storing fingerprinted 
contents of Fig. 2A; 

Fig. 4 shows a more expanded flowchart of the steps of reading and verifying 
1 5 contents of Fig. 2B . 



Detailed Description of Preferred Embodiment 
During the manufacturing process, a hard disk drive (HDD) goes through a 
20 process of detecting media defects. These defects are represented by specific Physical 
Block Addresses (PBAs), collated and stored on the HDD in a structure called the "defect 
list," such as a "P-list " to insure that a host processor would never store user data in one 
of the defective PBAs. This list is immutable and does not change throughout the life of 
that drive. It is a physical, statistically unique, verifiable and relatively immutable 
25 (PSUVI) characteristic of that HDD. This list is an inherent physical signature that 
statistically differentiates each HDD from another. 

Fig. 1 illustrated a generalized system block diagram 10 of an extremely secure 
system for keying stored contents to a storage medium in accordance with the principles 

4 
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of the present invention. The extremely secure keying stored content system 10 comprises 
a host system 12 comprising a host interface 14 coupled to a host microprocessor 16, 
which is then coupled to other host system hardware generalized for simplicity here as 
general system 17. Host system 12 stores an extremely secure software application 100 
5 to be later described in further detail with reference to Figs. 2-4. Extremely secure 

system 10 also comprises a disk drive unit 20 coupled to host unit 12 via a host-to-drive 
interface 18. Disk drive unit 20 comprises an interface and storage medium processor 
system 22, a servo system 24, a read/write system 26, one or more storage disks 30, and a 
preamplifier 28. Preamplifier 28 reads a PSUVI characteristic corresponding to, for 
10 example, "the defect list," or any other PSUVI associated with one or more storage disks 
30. The read PSUVI characteristic is then used by host system 12 to encrypt a source 
content stored on the one or more storage disks 30. 

Figs. 2A and 2B illustrate generalized flowcharts of extremely secured method 100 for 
1 5 keying stored contents to the storage medium (Fig. 2A) and for reading and verifying 
fingerprinted contents of stored information (Fig. 2B) in accordance with the present 
invention. In general as illustrated by this embodiment, in a first step 104 during a 
"storing fingerprinted contents" operation 102, a request is sent by host processor 16 to 
disk drive processor 22 to read a PSUVI characteristic, such as the defect list. During a 
20 second step 106, the read defect list is then combined with a specified file content to be 
secured to generate a fingerprinted content. In a step 146, the fingerprinted content can 
be encrypted first prior to storing. Then in step 108, host processor 16 then commands 
disk processor 22 to store the fingerprinted content on disk 30. During a "reading and 
verifying fingerprinted contents" operation 1 10, the host processor 16 commands the disk 
25 drive processor 22 to read fingerprinted content. In step 1 14, host processor 16 separates 
content and fingerprint. Subsequently, host processor 16 requests fingerprint from 
storage device 116. Then in step 118, host processor 16 compares content and storage 
device fingerprint. In a last step 120, the host processor 16 decides to use or not to use 
content based on comparison in step 118. 
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Fig. 3 illustrates in greater detail a sample method of storing fingerprinted content 
102. In this example, host processor 16 would execute steps wherein host processor 16 
requests a fingerprint from a storage device 20, such as a defect list from storage device 
5 20, follow by step 106 wherein host 16 combines content of a file to be secured with the 
retrieved fingerprint, and step 108 wherein host 16 commands storage device to store 
fingerprinted content. As illustrated in more detail in Fig. 3, one embodiment to step 104 
of requesting a fingerprint comprises: 

1 . Host 1 6 using open protocol to request secured communication from HDD in step 
10 130; 

2. HDD 20 identifies a PSUVI characteristic, such as a defect list in step 132; 

3. HDD 20 then generates a decryption key and encryption key in step 134; 

4. HDD 20 then returns encryption key to host 16 in step 136; 

5. Host 16 then uses encryption key and switches to encrypted protocol in step 138; 
1 5 6. Host 16 then requests fingerprint PSUVI characteristic 140; and then 

7. HDD replies with PSUVI fingerprint in step 142. 

As illustrated in more detail in Fig. 3, one embodiment to step 106 of combining 
content to be secured with the retrieved fingerprint comprises: 
20 1 . Host 16 creating a hybrid content by combining content and fingerprint 144; and 

2. Host 16 encrypting hybrid content with public key 146. 

Additionally, step 108 of storing fingerprinted content may comprise host 16 
commanding HDD to write hybrid content 148. 

25 

Fig. 4 illustrates in greater detail a generalized method 1 10 of reading and 
authenticating a source content method of Fig. 2B. In this example, generalized method 
1 10 of reading and verifying fingerprinted content comprises a first step 1 12 of a 
processor 16 commanding storage device 20 to read fingerprinted content. For 
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convenience of illustration, we assume processor used in this example is host 16. 
However, it is envisioned that the processor or host referred to and used herein to 
implement method 1 10 of reading and verifying source content can be generally a 
processor in any host system coupled to a storage device 20. Method 110 further 
5 comprises step 1 14 wherein host 16 separates file contents to retrieve the fingerprint 
content. Subsequently, in step 1 16, host 16 requests current storage device to provide 
fingerprint information. Host 16 then compares in step 118 fingerprint separated in step 
1 14 with fingerprint retrieved in step 1 16 to verify fingerprints, and finally in step 120, 
host 1 6 then decides whether to use or not to use content based on the comparison step 
10 118. 

Fig. 4 further illustrates a sample detailed embodiment of steps described above for 
method 1 12 to read and verify fingerprinted contents. 
1 . Reading the defect list from the HDD (steps 1 60 and 1 62). 
15 2. Decrypting the encrypted content. Parsing the vector subparts from the contents (steps 
164-170) 

3 . Reassembling the subparts into a P-list vector (step 1 72). 

More detailed implementation details for steps described in method 1 10 are provided 
20 also in Fig. 4 and are self-explanatory. Different possible embodiments of methods to 
verify authenticity of a copied file are envisioned and contemplated. The following 
described sample methods include using the defect list of a disk: 

Signature Verification Method Example 1: 

25 1 . Perform low-level writes and reads on some or all of the PB As in the defect list to 
determine whether or not read errors occurred at the supposed defect locations. 
Special microcode may be used to enhance the security of this verification step and 
protect from unauthorized interferences, or "man-in-the-middle" attacks. 
Well-characterized security methods for providing secured communications and 
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generating encryption keys from the HDD's unique signature, such as Diffie-Hellman, 
are well-documented in the security community and may be used herein. 

2. Defects in the defect list do not necessarily have a probability of error equal to 1 .0. 
5 Therefore the host would then determine that either a statistically large percentage of 

the P-list did point to defective PBAs and that the P-list was valid for the HDD, or 
that a statistically small percentage of the P-list pointed to defective PBAs and that 
the P-list was invalid for the HDD. 

10 3 . If the defect list was invalid, then the host would take steps to not use the HDD 
contents. 

4. If the defect list was valid then the host would use the content. 

15 

Signature Verification Method Example 2: 

If a unique signature other than the defect list is to be used, then the verification 
method changes accordingly. As an example, if Servo Burst Correction Values (BCVs) 
were used, measurement with BCVs turned on and off could indicate the validity of the 
20 HDD's current BCV values and whether or not they were altered. The same secured 
communications and key generation steps could be used to protect this verification 
algorithm. 

Any items added to, or substituted for, the defect list in the algorithm prior to 
25 encryption fall into two categories: 

PSUVI Characteristics: Relatively Immutable Physical Attributes Linkable 
to A Specific Head-Disk Assembly (HP A) or PCB. The signature attribute of this 
category is related to the statistically unique physical properties of the HDA or 

8 
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electronics. A defect list falls into this category. These physical properties cannot be 
changed by a reasonable level of attack and can be measured by the drive. Servo wedge 
defects, BCV-related RRO responses, certain TMR behaviors, servo transfer functions 
and read or write channel optimization parameters related to individual heads also fall 
5 into this category. Any item in this category could substitute for the "defect list" above 
and satisfy the intent of this disclosure. The benefit of using a defect list based HDD 
differentiation is the low probability of any two HDDs having the same defect list and 
also that this list is physically verifiable, so that a change in the defect list is detectable. 



10 Non-PSUVI Characteristics: Relatively Mutable Attributes Physically linked 

to a Specific Head-Disk Assembly (HP A) or PCB. Serial numbers on configuration 
pages, post-production defect list ("G-lists") and PROM contents fall into this category of 
non-PSUVI characteristics. These items are not statistically unique physical properties of 
the HDA or electronics, and they may be changed by an attacker with no secure method 

1 5 of verification. These attributes can be used, but typically require lengthening the 
encoded vector to statistically increase the time required for an attacker to break the 
encryption. 



Key advantages of this invention are that no added hardware is necessary. This 
20 invention can be implemented using preexisting hardware, and can be implemented on 
existing hosts and HDDs. This invention deters against minimally to significantly funded 
unauthorized breaches or accesses of a secured content. Hosts, or local processors on 
hosts, can be responsible for security methods, rather than the drive. Moreover, this 
invention can be implemented with existing security methods. 

25 

The parts of this system that may require restricted access comprise the encryption 
/ decryption keys and verification algorithms. Methods for encryption and access 
restriction are well documented in the security community. The specific algorithms for 
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encryption / decryption such as DES, or key generation algorithms such as 
Diffie-Hellman, are well-characterized and documented in the security community. 

Foregoing described embodiments of the invention are provided as illustrations 
5 and descriptions. They are not intended to limit the invention to precise form described. 
In particular, it is contemplated that functional implementation of invention described 
herein may be implemented equivalently in hardware, software, firmware, and/or other 
available functional components or building blocks. Other variations and embodiments 
are possible in light of above teachings, and it is thus intended that the scope of invention 
1 0 not be limited by this Detailed Description, but rather by Claims following. 
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Claims 

What is claimed is: 

1 . An extremely secure method for a host processor to key a source content to a 
source storage medium to prevent use of an unauthorized copy of the source content 

5 comprising the host processor storing a fingerprinted content comprising the steps of: 
determining a source fingerprint from the source storage medium; 
combining the content to be secured with the source fingerprint to generate the 
fingerprinted content; and 

instructing the source medium to store the fingerprinted content. 

10 

2. The extremely secure method of Claim 1 further comprising the step of a 
processor reading and verifying the fingerprinted content, the reading and verifying 
step comprising the steps of: 

instructing a local storage medium to read the fingerprinted content; 
1 5 separating the content to be secured from the source fingerprint; 

requesting a local fingerprint from the local medium; and 
comparing the local fingerprint with the source fingerprint and in response to the 
comparison determining whether to use the source content. 

20 3 . The extremely secure method of Claim 2 wherein the step of requesting a source 
fingerprint further comprises: 

using an open protocol to request a secured communication from the source 
medium; 

identifying a physical, statistically unique, verifiable and relatively immutable 
25 characteristic (PSUVI) associated with the source medium; 

generating at least one of encryption and decryption keys; 
returning the encryption key to the host processor; 

using the encryption key to convert the source content to an encrypted protocol; 
requesting from the source medium the PSUVI fingerprint characteristic; and 

11 
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the source medium responding to the host processor with the PSUVI fingerprint. 

4. The extremely secure method of Claim 2 wherein the step of combining the 
source content with the source fingerprint to generate the fingerprinted source contents 
5 further comprises : 

creating a hybrid content to be secured by combining the content to be secured 
and the source fingerprint; and 

encrypting the fingerprinted source content with an encryption key. 

10 5 . The extremely secure method of Claim 2 wherein the step of requesting a local 
fingerprint from the local storage medium further comprises the steps of: 

requesting from the local storage medium a local fingerprint PSUVI 
characteristic; 

replying to the host processor with the local fingerprint PSUVI; and 
1 5 performing a secured verification of the local fingerprint PSUVI. 

6. The extremely secure method of Claim 2 wherein the step of requesting a source 
fingerprint further comprises: 

using an open protocol to request a secured communication from the source 
20 medium; 

identifying a relatively mutable physical attribute (Non-PSUVI) associated with 
the source medium; 

generating at least one of encryption and decryption keys; 
returning the encryption key to the host processor; 
25 using the encryption key to convert the source content to an encrypted protocol; 

requesting from the source medium the non-PSUVI fingerprint characteristic; and 
the source medium responding to the host processor with the non-PSUVI 
fingerprint. 
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7. The extremely secure method of Claim 2 wherein the step of requesting a local 
fingerprint from the local storage medium further comprises the steps of: 

requesting from the local storage medium a local fingerprint non-PSUVI 
5 characteristic; 

replying to the host processor with the local fingerprint non-PSUVI; and 
performing a secured verification of the local fingerprint non-PSUVI. 

8. An extremely secure system to prevent use of an unauthorized copy of a source 
10 content on a storage medium comprising: 

a host processor; and 

a storage medium, the storage medium comprising a storage medium processor, a 
host processor interface, a servo system, a read/write system, one or more storage 
disks, and an attribute detector to read a PSUVI characteristic from the one or more 
1 5 storage disks to use by the host processor to encrypt a content to be secured. 

9. An extremely secure system to prevent use of an unauthorized copy of a source 
content on a storage medium comprising: 

a host processor; and 

20 a storage medium, the storage medium comprising a storage medium processor, a 
host processor interface, a servo system, a read/write system, one or more storage disks, 
and an attribute detector to read a non-PSUVI characteristic from the one or more storage 
disks to use by the host processor to encrypt a content to be secured. 

25 10. An extremely secure fingerprinted content of a storage medium, wherein the 
fingerprinted content comprises a content to be secured combined with a fingerprint 
generated from a PSUVI characteristic of the storage medium. 
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11. An extremely secure fingerprinted content of a storage medium, wherein the 
fingerprinted content comprises a content to be secured combined with a fingerprint 
generated from a non-PSUVI characteristic of the storage medium. 
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Abstract 

An extremely secure method for keying source contents to a source storage 
5 medium provided to prevent use of unauthorized copies at minimal cost. The host 

processor combines a unique, immutable and verifiable physical attribute of a hard disk 
drive, i.e., the drive's defect list, with the content to be secured to write a corresponding 
fingerprinted encrypted content on a source medium. When a local processor wants to use 
the sanctioned source content, the fingerprinted content is read from a local storage 

1 0 medium. The local processor then decrypts and separates the defect list out of the source 
content and reads the local storage medium defect list. If the decrypted defect list matches 
the local storage medium defect list, then the local processor recognizes the local 
sanctioned medium and continues processing that source contents. Otherwise, a non- 
matching defect list comprises an unauthorized copy from the source to the local storage 

1 5 medium. 
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DECLARATION FOR PATENT APPLICATION 

As a below named inventor, we hereby declare that: 

Our residence, post office address and citizenship are as stated below next to our 

names. 

We believe that we are the original, first and joint inventors of the subject matter 
which is claimed and for which a patent is sought on the invention entitled 
EXTREMELY SECURE METHOD FOR KEYING STORED CONTENTS TO A 
SPECIFIC STORAGE DEVICE, the specification of which 

_X_ is attached hereto. 

was filed on as Application Serial No. , 

and was amended by on : 

We hereby state that we have reviewed and understand the contents of the above- 
identified specification, including the claims, as amended by any amendment referred to 
above. 

We acknowledge the duty to disclose information which is material to the 
examination of this application in accordance with Title 37, Code of Federal Regulations, 
Section 1.56(a). 

We hereby claim foreign priority benefits under Title 35, United States Code, 
Section 119 of any foreign application(s) for patent or inventor's certificate listed below 
and have also identified below any foreign application for patent or inventor's certificate 
having a filing date before that of the application on which priority is claimed: 

Prior Foreign Applications Priority Claimed 

NONE 
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(Number) 



(Country) (Day/Month/Year Filed) 



Yes No 



(Number) 



(Country) (Day/Month/Year Filed) 



Yes No 



We hereby claim the benefit under Title 35, United States Code, Section 1 19(e) of 
any United States provisional application(s) listed below: 



We hereby claim the benefit under Title 35, United States Code, Section 120 of 
any United States applications(s) listed below and, insofar as the subject matter of each of 
the claims of this application is not disclosed in the prior United States application in the 
manner provided by the first paragraph of Title 35, United States Code, Section 1 12, 1 
acknowledge the duty to disclose material information as defined in Title 37, Code of 
Federal Regulations, Section 1.56(a) which occurred between the filing date of the prior 
application and the national or PCT international filing date of this application. 

NOT APPLICABLE 



(Application Serial No.) (Filing Date) (Status) 



(Application Serial No.) (Filing Date) (Status) 

We hereby declare that all statements made herein of our own knowledge are true 
and that all statements made on information and belief are believed to be true; and 
further that statements were made with the knowledge that willful false statements and 
the like so made are punishable by fine or imprisonment, or both, under Section 1001 of 
Title 18 of the United States Code and that such willful false statements may jeopardize 
the validity of the application or any patent issued thereon. 



Provisional Application No. 



Filing Date 
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On behalf of Quantum Corporation, Assignee of our entire right, title and interest, 
we hereby appoint the following attorney(s) and/or agent(s) with full power of 
substitution to act exclusively for Quantum Corporation to prosecute this application and 
transact all business in the Patent and Trademark Office connected therewith; 
JONATHAN B. PENN, Registration No. 32,587, HENRY J. GROTH, Registration No. 
39,696. Please address all correspondence and communications to: 

HENRY J. GROTH 
Patent Law Manager 
Quantum Corporation 
500 McCarthy Blvd. 
Milpitas, CA 95035 
Telephone (408) 894-5425 



All telephone calls should be directed to HENRY J. GROTH, telephone number 
(408) 894-5425. 



Full Name of Inventor: 



Date 



STOPHER M. CARPENTER 




Inventor's Signature: 

Inventor's Residence: 549 S. Frances Street, Sunnyvale, CA 94086 
Citizenship: USA 

Post Office Address: Same as residence address above. 



Full Name of Inventor: TODD PETER CARPENTER 

Inventor's Signature: 

Date: 

Inventor's Residence: 855 S. Lexington Parkway, MN 55116 
Citizenship: USA 

Post Office Address: Same as residence address above. 



Full Name of Inventor: 
Inventor's Signature: 




3 



Docket No. Q00-1000-US1 



Date: (,Ua[ 



Inventor's Residence: 2753 Glauser Drive, San Jose, CA 95133 
Citizenship: USA 

Post Office Address: Same as residence address above. 
Full Name of Inventor: CHRIS PAUL DUDTE 

Inventor's Signature: fit (9 A 



Inventor's Residence: 5375 Saginaw Court, Reno, NV 89433 
Citizenship: USA 

Post Office Address: Same as residence address above. 
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